EN 14890-2:2008

Foreword
1 Scope
2 Normative references
3 Terms and definitions
4 Abbreviations and notation
5 Additional Service Selection
6 Client/Server Authentication
   6.1 General
   6.2 Client/Server protocols
   6.3 Steps preceding the client/server authentication
   6.4 Padding format
   6.5 Client/Server protocol
7 Role Authentication
   7.1 Role Authentication of the card
   7.2 Role Authentication of the server
   7.3 Symmetrical external authentication
   7.4 Asymmetric external authentication
8 Encryption Key Decipherment
   8.1 Steps preceding the key decryption
   8.2 Key Management with RSA
   8.3 Diffie-Hellman key exchange
   8.4 Algorithm Identifier for DECIPHER
9 Signature verification
   9.1 Signature verification execution flow
10 Certificates for additional services
   10.1 File structure
   10.2 EF.C.CH.AUT
   10.3 EF.C.CH.KE
   10.4 Reading Certificates and the public key of CAs
11 APDU data structures
   11.1 Algorithm Identifiers
   11.2 CRTs
Annex A (normative) - Security Service Descriptor Templates
   A.1 Introduction
   A.2 Security Service Descriptor Concept
   A.3 SSD Data Objects
   A.4 Location of the SSD templates
   A.5 Examples for SSD templates
Annex B (informative) - Key and signature formats for elliptic
        curves over prime fields GF(p)
   B.1 General
   B.2 Elliptic curve parameters
   B.3 Public key point
   B.4 ECDSA signature format
Annex C (informative) - Security environments
   C.1 Introduction
   C.2 Definition of CRTs (examples)
   C.3 Security Environments (example)
   C.4 Coding of access conditions (example)
Annex D (informative) - Interoperability aspects
   D.1 General
   D.2 Choosing device authentication
   D.3 Choosing User verification method
Annex E (informative) - Example of DF.CIA
Bibliography